Paloma's privacy policy

Paloma in Sweden AB ("Paloma") cares about your privacy and makes sure that your personal data is processed in a safe, correct and legal manner. Paloma has adopted this privacy policy in order to inform you about how we treat and process your personal data. Should you in any way submit personal data to us at Paloma, we encourage you to first read through this privacy policy.

Paloma deals with various categories of personal data in a number of different contexts.

In the main part of the processing of personal data, Paloma acts as a data processor on behalf of Paloma's customers (customers are hereinafter referred to as "Users"). Such processing occurs when Users use Paloma’s services that administer registration for events and sending of e-mails (Postman and Magnet). The personal data will in this way be processed by Paloma, but it is the Users who are responsible for the processing of personal data. The Users are seen as data controllers. That means that they have influence and control over how the processing of personal data occurs, and therefore have the primary responsibility to ensure that personal data is processed in accordance with the applicable legislation.

Paloma also processes some personal data of which we are data controllers. When Paloma acts as data controller it means that we control how the processing of personal data occurs and that we are primarily responsible for ensuring that the personal data is processed in accordance with the applicable legislation.

This privacy policy covers our treatment of personal data, regardless of how the personal data has been obtained and regardless of whether Paloma is seen as a data controller or as a data processor. The first part of this policy will cover personal data where Paloma is the data controller. This is followed by a second part which covers personal data where Paloma is the data processor. Lastly, a general part concludes this policy.

PALOMA AS PERSONAL DATA CONTROLLER

Categories of data subjects

This section will explain which categories of personal data that are processed under each category of data subjects for which Paloma is the data controller. The categories of data subjects are: customers, suppliers, job seekers and website visitors.

Paloma treats personal data relating to its customers. Personal data is collected primarily in connection with the creation of a customer account at Paloma’s website. The categories of personal data that are collected and processed when an account is created are:

identification data in the form of name,

contact information in the form of email address and telephone number,

login credentials in the form of username and password,

information on occupation and employment, in the form of workplace and

electronic identification data in the form of IP address and cookies.

Paloma also processes payment information of their customers including payment history, billing and if applicable, payment reminders.

Paloma processes personal data about their suppliers. The categories of personal data collected and processed are:

identification data in the form of name,

contact information in the form of postal address, email address and telephone number,

information on occupation and employment, in the form of workplace and

payment information including payment history and past invoices.

Personal data are processed when you are seeking employment at Paloma. The categories of personal data that are collected and processed in connection with recruitments are:

identification information such as name, title, and personal identity number,

contact information such as address, phone number and email address,

financial information such as information on pay, and salary requirements,

data of a personal nature, such as age and date of birth, and

CV with completed courses, grades and references.

Paloma also processes certain personal data when you visit Paloma’s home page. The categories of personal data which are processed are:

electronic identification data in the form of IP address and cookies.

Personal data may additionally be supplemented, collected and controlled by the use of public and other registers, such as a population registration register, registers from credit reporting companies, company registers etc.

The use of personal data

Paloma only processes such personal data that we have a lawful basis and a specific purpose of processing.

The purpose of the processing is to fulfil obligations in Paloma’s obligations towards customers, suppliers and employees. Paloma has, for example, obligations to its customers to deliver Paloma’s services.

The legal basis for the processing of customers’ and suppliers’ personal data is fulfilment of the respective agreements that Paloma has entered into with its customers and suppliers.

If you are seeking employment at Paloma, we will handle your personal data in connection with the recruitment process in order to find a suitable candidate. The legal basis for this is Paloma's legitimate interest. If we have a purpose to save your application documents for later recruitments, we will ask for your consent.

If you visit our website your IP address and cookies are processed for statistical purposes. A cookie is a small text file sent from our web server and saved by your browser. We use as few cookies as possible on our website to maintain a good service on the website. There are two kinds of cookies, "regular" cookies and session cookies. Session cookies disappear when you close your browser and are not saved, while regular cookies are stored on your computer. We use cookies to calculate the number of users and to monitor traffic on our website. By understanding how the site is used, we can develop and improve it. As a user, you can turn off the web-browsers ability to save cookies on your computer via your browser settings. For more information, visit the National Post and Telecom Agency's website (www.pts.se).

Personal data may also be processed for marketing on the basis of Paloma's legitimate interest to communicate with customers that are using Paloma’s services, or those that might be interested in using the Paloma's services in the future. Personal data may also be processed to administer invitations to events and to develop the business. It may also be necessary for Paloma to process the personal data in order to fulfil Paloma’s legal obligations.

Consent

The processing of personal data may be based upon a given consent for a specific purpose. If you have given consent for processing of your personal data for a specific purpose, you are free to revoke the consent by contacting us. Even though the consent is revoked, Paloma may have the right to continue the processing on the basis of other lawful bases, such as fulfilling an ongoing agreement between you and Paloma.

Recipients of the personal data

Paloma may share personal data that Paloma is a data controller for to the data subject and to third parties where this is necessary or beneficial for Paloma. A third party shall mean a company that Paloma has a business relationship or a personal data processing agreement with, or a governmental authority.

Some of the above recipients are to be regarded as independent personal data controllers, but the bulk of the recipients are considered Paloma’s personal data processors. If your personal data is shared with a company that is an autonomous data controller, the company's or agency's own privacy policy and personal data management applies.

When Paloma shares personal data with our processors (for example suppliers of IT services) it is done only for purposes that are compatible with the purposes for which we collect the data. Paloma has entered into agreements with our processors and we conduct audits of processors to ensure they can provide sufficient guarantees regarding the security and confidentiality of personal data, and comply with our limitations and requirements for the transfer of personal data to third parties outside the EEA.

In some cases, personal data is disclosed to parties located outside the European economic area (EEA) and the personal data may therefore be processed outside the EEA. Paloma will only share personal data with companies in third countries which have an adequate level of protection, or by approved methods that are considered to achieve an adequate level of protection.

Security measures

Paloma has taken appropriate technical, administrative and organizational security measures in order to ensure that personal data may only be processed by qualified personnel, and to prevent the occurrence of personal data breaches.

The storage period

Your personal data will be stored as long as necessary to fulfill the purposes of the processing. Personal data relating to a customer agreement will for example be saved as long as the customer agreement is active and for one years thereafter. The processing of personal data for other purposes than completion of customer agreements are saved in accordance with an established retention routine. Paloma also works continuously to retain personal data when it has been depreciated and/or when the purpose of the processing has ended.

Personal data controller

Paloma is the persona data controller for the treatment described above. Paloma is responsible for the processing carried out in respect to personal data. Paloma can be contacted via info@paloma.se.

PALOMA AS PERSONAL DATA PROCESSOR

Paloma also processes personal data on behalf of its Users. The processing occurs in accordance with the Users instructions and in accordance with applicable legislation. Paloma has entered into data processing agreements with the Users where Paloma guarantees to take appropriate technical and organizational measures to ensure that the data subject’s rights are protected. When the contractual relationship between Paloma and a User expires, personal data will be deleted or returned in accordance with the data processing agreement between Paloma and the User. The Users have the right to carry out audits in order to ensure that Paloma follow their commitments on security and privacy for personal data.

Below follows information on the processing of personal data that can occur when Users are processing the personal data within Paloma’s services.

Categories of personal data

Paloma essentially provides two types of services. When personal data is processed by Paloma’s service Postman (sending newsletters) the following categories of personal data will typically be processed:

identification data such as name and social security number,

contact information such as address, phone number and email address, and

some personal data on occupation and employment, such as employer, title or place of work.

When personal data is processed by Paloma’s service Magnet (Registration pages and ticket sales), the following categories of personal data will typically be processed:

identification data such as name and social security number,

contact information such as address, phone number and email address,

electronic identification data such as IP addresses and cookies,

certain health information, specifically stating allergies or handicap, as well as

some personal data on occupation and employment, such as employers, title or place of work.

Paloma’s services are structured in such a way that Users are able to freely add information, which sometimes may include personal data. Other categories of personal data may thus occur in specific e-mails or on specific event-registration pages.

The personal data is often collected with the data subject as an informant, or through the use of the public and other records, such as registers, credit reporting companies, company registers etc.

The use of personal data

Paloma’s User’s have in the data processing agreement committed to only process such personal data that they have a lawful basis for processing, and a specific purpose to process.

Paloma does not have full insight into the Users specific purposes for the processing of personal data. Typical purposes for the processing of personal data in connection with the use of Paloma’s service for newsletter (Postman) is marketing and advertising as well as being able to convey news. Typical purposes for the processing of personal data in connection with the use of Paloma’s service for events (Magnet) is to administer registrations and notifications to, for example, events, courses and seminars.

Users may have a number of lawful basis for their processing. They may obtain consent, have a contractual relationship with the data subject or have a legitimate interest of the processing. Personal data may also be processed for Users to be able to fulfil the obligations imposed on them by law.

If the processing of personal data is based on a given consent for a specific purpose, you are free to withdraw your consent by contacting the User. Paloma may, if necessary, refer to the appropriate Users. Even if the consent is withdrawn, the User may have the right to process personal data on the basis of another lawful basis, such as to fulfill an ongoing contract between you and the user.

The storage period

Paloma's services are structured in such a way that the Users are able to freely add information, which sometimes may include personal data. It is the Users who retain personal data when the purpose of the processing is fulfilled. When a User terminates their agreement with Paloma, a notice period is set. After this date the User no longer has access to the account. 60 days after this date, all data, including personal data, is deleted on the account (address lists, questionnaires, etc.).

The reason that data is saved for 60 days is that sometimes all users of a User account are not aware of who is currently using the account. Suddenly another person using an account may no longer have access. Then it is important that Paloma is able to recreate the account for some time after the termination.

Recipients of personal data

Outside of the processing that Paloma carries out after Users instructions, Paloma does not have full insight into your Users' processing of personal data. The user may disclose personal data to other third parties when this is necessary or beneficial to the user. Users may also share the information with other processors than Paloma where it is necessary or advantageous to enable them to perform their duties. The User would also disclose personal data to such party who is outside the EEA.

YOUR RIGHTS AS A DATA SUBJECT

You have the right to request information about which personal data we process. You also have the right to request that your personal data is deleted, corrected or restricted. You also have the right to request that your data shall not be used for direct marketing purposes. You furthermore have the right to request us to deliver your personal data in a machine-readable format (or, if technically possible, to transfer the data to a third party of your instruction).

A request for information, deletion, correction or restriction shall be addressed to the personal data controller. Contact Paloma if Paloma is the personal data controller for your personal data and the respective User if they are the personal data controller for your personal data. Paloma will pass on requests to the User if such a request would be wrongly directed to Paloma.

If you are dissatisfied with the processing of your personal data, you can file a complaint to the supervisory authority, which in Sweden is Datainspektionen (www.datainspektionen.se).

You may also contact the supervisory authority in your country of residence.

ADDITIONS AND CHANGES

Paloma may make additions and changes to this policy. If this occurs, an updated policy will be published on our website. We then encourage you to carefully review the updated policy.

CONTACT INFORMATION

If you have any questions or comments regarding this privacy policy, our personal data processing in general, or if you need help regarding who to contact, you can contact Paloma at info@paloma.se.

Get our smart tips on digital marketing. The newsletter will be published with about 10 numbers a year and of course we will not leave your address to anyone. Much pleasure!